fix in upstream now

From 8b94e111e58fc5d8a2cf47effaaf410a6e4eca46 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Tue, 18 Dec 2012 15:38:51 -0500
Subject: [PATCH] make hardened compiler flags optional

First note: the default behavior is unchanged.

For people building tlsdate themselves with a known toolchain env, the
checked flags can be redundant, or even harmful.  A compile/link check
for PIE behavior for example might not catch the full supported status
for some architectures/C libraries.

Further, the current code starts by throwing away the user's compiler
settings which can also be harmful.  Those often times include settings
related to ABI or target cpu selection and ignoring them can produce an
unusable binary.

So add a flag that people (including distros) can leverage to bypass
all of the checks.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 configure.ac | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index 555ae28..f6efb0b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,19 +67,28 @@ AC_SUBST(RT_LIB)
 
 # Debug and hardening flags all in one shot
 # Alwas do this at the end, otherwise you end up filtering system/other libraries
+AC_ARG_ENABLE([hardened-checks],
+              [AS_HELP_STRING([--disable-hardened-checks],
+                              [Disable automatically enabling hardened toolchain options])])
 AC_DEFUN([LOCAL_CHECK_FLAGS],[
           AC_REQUIRE([AX_CHECK_LINK_FLAG])
           AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
           AC_LANG_PUSH([C])
-          CFLAGS=
-          LIBS=
-          AX_APPEND_COMPILE_FLAGS([-g -O1 -Wall])
-          AX_APPEND_COMPILE_FLAGS([-fno-strict-aliasing])
-          AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2 -fstack-protector-all])
-          AX_APPEND_COMPILE_FLAGS([-fwrapv -fPIE -Wstack-protector])
-          AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1])
-          AX_CHECK_LINK_FLAG([-z relro -z now])
-          AX_CHECK_LINK_FLAG([-pie])
+          AS_IF([test "x$enable_hardened_checks" != xno], [
+              CFLAGS=
+              LIBS=
+              AX_APPEND_COMPILE_FLAGS([-g -O1])
+          ], [
+              AC_MSG_WARN([using hardened flags is HIGHLY RECOMMENDED and disabling them is a BAD IDEA])
+          ])
+          AX_APPEND_COMPILE_FLAGS([-Wall -fno-strict-aliasing])
+          AS_IF([test "x$enable_hardened_checks" != xno], [
+              AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2 -fstack-protector-all])
+              AX_APPEND_COMPILE_FLAGS([-fwrapv -fPIE -Wstack-protector])
+              AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1])
+              AX_CHECK_LINK_FLAG([-z relro -z now])
+              AX_CHECK_LINK_FLAG([-pie])
+          ])
           AC_LANG_POP
           ])
 LOCAL_CHECK_FLAGS
-- 
1.8.0